Channel: linuxadmin: Expanding Linux SysAdmin knowledge
Viewing all 17891 articles

X-Post from /r/OpenVPN: OpenVPN and Firewall Woes


mkcert: valid HTTPS certificates for localhost

IPA client install failed


Hello, folks,

during the installation of the IPA client I am experiencing problems.

The IPA server is installed and the connection to the AD-DC is established.

DNS is installed on the IPA server. Other Linux clients have no name resolution.

A part from different configuration files

IPA client

/etc/resolv.conf

    search example.com
    nameserver 192.168.10.2

/etc/hostname

    ipaclient.example.com

/etc/sysconfig/network-scripts/ifcfg-eth0

    DNS=192.168.10.2

with dig SRV _ldap._tcp.example.com I get the error: connection timed out; no servers could be reached

with dig SRV _ldap._tcp.windows.com will give me the two AD DC.

does anyone have any idea where the problem could be?

Or do you need more information?

submitted by /u/Kyoboku

Getting wacky with some spreadsheets!

Maintaining Environments


Hey everyone,

I've posted here a couple times before, asking for help as a new grad in way over their head. Each time the advice has been exceedingly helpful in steering me in the right direction. I'd like to petition y'all again with a new question: how to maintain environments.


We have the standard three lanes; Dev, Test, and Prod. But each lane is a Hadoop cluster, with 15+ Linux machines running on Azure in a delicately networked subnet.

We're trying to work out the specifics of doing regular maintenance on these machines; patches, implementations, adding new software, keeping SSL certs up to date, the whole works. And it is a nightmare.

  • I can't use yum install because Security's whitelist is choking out any external connections (CDN's are universally blocked).
  • Manually managing upgrades through .rpm's seems like a bad idea.
  • Docker seems like it might be a solution, though I can't pull any of the docker images locally.
  • I've heard about Ansible; could I use it even if yum is dead in the water?

/r/linuxadmin, how do you maintain a fleet of Linux boxes without losing your sanity?

submitted by /u/Thenatic

What change between Ubuntu 16.04 and 18.04 is causing systemd unit default TasksMax to be so low?


I spent last night trying to upgrade my kid's Minecraft server to a new 18.04 host from 16.04. The Minecraft server is put together by hand with a systemd unit managing the process.

Java threw a pthread_create failed exception. The new server wasn't spawning more threads than the old. I eventually narrowed it down to systemd TasksMax default being too low on 18.04. systemd docs say it "Defaults to 15%, which equals 4915 with the kernel's defaults on the host, but might be smaller in OS containers" but doesn't say what 15% of it defaults from in the kernel defaults. A quick test by spinning up a VM and adjusting RAM seems to suggest that the new default systemd TasksMax per unit roughly correlates to 1 per MB of RAM on the host.

Ubuntu Server 18.04.1 VM with 4GB of RAM:

    $ systemctl show -p TasksMax user-0
    TasksMax=4664

Ubuntu Server 18.04.1 VM with 1GB of RAM:

    $ systemctl show -p TasksMax user-0
    TasksMax=1113

Ubuntu Server 16.04.3 with 1GB of RAM:

    $ systemctl show -p TasksMax user-0
    TasksMax=18446744073709551615

Is this caused by a new default in systemd, Ubuntu, or mainline? I solved the problem by increasing the TasksMax setting in the minecraft service unit, but from a technical and professional curiosity I'd like to know the specific change that caused this.

submitted by /u/HittingSmoke

Home DIR permission denied after Winbind to SSSD


Working on moving our systems from winbind to SSSD for AD integration.

I converted my test system and am able to log in, however, the test user cannot access their existing home directory from the winbind era: permission denied - so it drops them into / on login.

It would seem that my uid mappings have perhaps changed?

I am wondering if there is a way to get PAM/oddjob to set new permissions on the existing home directory upon login?

Or am I stuck manually chmodding all the home directories once I switch our other systems to SSSD?

submitted by /u/Ninedark

So bash v5 came out


Would be great if they provided a “bash5” interpreter for shebang lines, so we don’t get subtle errors when running bash 5 code on machines with bash 4-

submitted by /u/mcandre

Question regarding using SSH CA along with OAuth2


I may be completely overcomplicating things, but I have a requirement where a user needs to be able to connect to a bunch of containers and/or VMs through a "bastion host" (which is also a CA trusted by all the running VMs/containers).

Here is where it gets tricky -- The user authentication needs to happen via Keycloak authentication server using OAuth2.

So basically,

  • The user obtains access token (with long expiry time/automated refresh process and all the other fancy stuff) from Keycloak server
  • Sends that to the bastion host which verifies the jwt (or via token introspection)
  • Obtain the "preferred_username" from the response
  • Use that to filter the VMs/ containers owned by the user and make sure the user has access to it and finally
  • Log the user to that VM/container.

Am I going crazy or is this the only feasible option? Any suggestions?

PS: Due to the design, I cannot have ldap or have containers and VM communicate with the Keycloak server directly. The authentication and decision making process needs to happen at the bastion host.

submitted by /u/mohitsharma44

Question regarding unalias and scripts


It makes sense to me that all scripts should run "\unalias -a" at the beginning to ensure that no command tampering or unintended side effects occur when using scripts, but as usual there are potentially use-cases that I am unaware of or even just basic 'this is a bad idea' situations that I don't know about.

So my question is, would it be good practice to write my scripts with "\unalias -a" included?

submitted by /u/Cache_of_kittens

Does Software RAID Spares Auto Recover?


I migrated one of my oldest database servers from Ubuntu to Arch Linux today. I wanted to run my database on this server but configure software RAID going forward. I attached all my disks to the OS and created the RAID6 array. I also configured [2] hot spares but I'm wondering what specifically will occur in the actual event I lose a main drive of the array? Will mdadm auto recover by rotating the bad drive for an available spare or does this require human intervention?

    02:57:09-carlos@pg1:~$ mount | grep md127
    /dev/md127 on /var/lib/postgres type ext4 (rw,relatime,stripe=128)
    02:57:18-carlos@pg1:~$ cat /proc/mdstat
    Personalities : [raid6] [raid5] [raid4]
    md127 : active raid6 sdh1[5](S) sdg1[4](S) sdf1[3] sde1[2] sdd1[1] sdc1[0]
          251525120 blocks super 1.2 level 6, 256k chunk, algorithm 2 [4/4] [UUUU]
          bitmap: 0/1 pages [0KB], 65536KB chunk

    unused devices: <none>

**Edit**
Can anyone also explain why the array personality is not RAID6 alone vs 6,5,4?

I'm guessing it's because RAID 6 is identical to RAID 5 except you get to lose one more drive. I'm not familiar with RAID4 though.

submitted by /u/cachedrive

SSL CA question


I've read in some of the articles on Google that a CA consists of 3, which are the Alpha, Beta, and Gamma.

Now I have viewed some of our clients' CA files, and as I have seen, the values are changing.

There's a CA file that only has 1 cert and others have 3 certs in them. Why is that? Does this mean that the 1 cert has a scope of 3?

submitted by /u/nejnej25

Best Way to Filter Out Grep from Grep Results?


Can someone tell me what the easiest way to omit seeing grep from my grep results?

Basically every time I run the 'grep' command, I'd like to specifically always do:

ps -ef | grep -i mysqld | grep -v grep 

submitted by /u/cachedrive

Does it bother you to have telemetry on your server(s) ?


1) Does it bother you to have telemetry on your server(s) ?

2) What's the marketshare of Windows Server compared to Linux in the server space ? (virtualized, cloud etc everywhere)

3) Do you see Powershell coming to Linux as a good thing ? Do you think it's as powerful as Bash/Python ?

4) Do you see "plain text" config as a weakness of Linux compared WinServ ?

submitted by /u/Cloud_Strifeeee

How do you investigate remote server freeze because of CPU freeze?


I have some server which started to freeze after kernel update. Server behaves normally and suddenly CPU load goes through the roof, system is not responding to anything but ping, you cannot use SSH to get there, performance data are not collected for the duration of freeze.

How would you investigate which process/ application causes this? I've found SAR which is the last hope. Do you have any tips?

submitted by /u/TheN4meless

oVirt Template Troubleshooting Request


Over the past few weeks I've committed to learning oVirt in my homelab in preparation for a potential deployment at work. I've got a 2 node cluster (2 x 1GbE LACP on each) with a data domain via NFS on a Synology (4 x 1GbE LACP). I created a CentOS minimal template (40GB disk, thin provisioned, actual size 1.4GB on NAS) and can clone a VM from it via Ansible in less than 90 seconds. Perfect.

Tried to do the same with Fedora 29 but when I go to clone it, it takes nearly 8 minutes to complete. I can see traffic is pegged at about 850Mbps on the LAG for almost the entire time. That roughly equates to 40GB transferred; however, the actual size of the disk on the NAS never exceeds the 2.2GB of the Fedora template.

Perhaps I missed an option somewhere but would love any recommendations as to what else I should be looking at. All ideas welcome.

submitted by /u/Grunchlk

Discounts for LPI exams?


Anyone knows how to get discount codes?
Linux academy used to give them away freely, but starting from this year they only give them to paid members if you ask support staff. Are there any other places where one can get discount code for LPI exams?

submitted by /u/Velfess

BIND zone file is scrambled - what could be the cause?


Hi,

I just configured BIND9 on two CentOS 7.4 servers and everything is running smoothly. However, when I went to look at the forward lookup zone file on the secondary nameserver (ns01), it appears that the file is somehow in a very strange format. Examining the file in the nano editor reveals that it's for some reason in a Mac format.

Now I've googled how to change the file format in Nano but for some reason it's not working. I even simply deleted the file, prompted the slave to obtain it again from the master server but still the problem remains. However, if I rename the file before the sync, then it acts normally and is readable, but when I change it back to its original name it gets scrambled like in the picture.

This must be a very simple issue, but I can't figure it out. Thanks in advance for the help. Also, I've edited out the domain name and records.

submitted by /u/Zersetzungen

Transitioning from SysAdmin (Linux) Role To Cloud Engineer


Hello Everyone,

As the subject states, I am currently a SysAdmin / LinuxAdmin at my current job. I do a lot of tasks related closer to an SRE type role (System Reliability, performance, release management, troubleshooting with developers, etc.). I've been doing the role for about 5 years and am transitioning to a new job where I will be doing Cloud Engineering related work (AWS, Azure, etc.).

I'm excited to start learning some new things and hopefully being able to dip my toes into some more DevOps concepts (CI/CD Pipeline, Automation, etc.). But I wanted to ask if anyone made a similar career jump / transition, if they have any advice / tips / etc. to help with my transition?

Thanks in advance to everyone for your time and help, it is greatly appreciated!

submitted by /u/A4orce84

Best software/way to store *secrets*?
